The RBI guidelines on card tokenization are as follows,


  • Payment aggregator, payment gateway or merchants cannot store card numbers on their servers even if they are PCI/DSS compliant
  • Card networks and Issuing banks can only store card numbers and offer token provisioning services to other entities in payment industry
  • The deadline for compliance of these guidelines is 31st of December 2021